Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

mistermark writes "I built a fully encrypted (samba) fileserver with a web interface for managing torrent downloads on it. All I used is OpenBSD 3.6 and its package collection, except for the TorrentFlux-interface (which you need to install separately). Anyway, it can be built using binary packages only. I included a rough HOWTO on how to make one of these yourself."

I'm guessing the encryption password needs to be re-entered on reboot (before mounting the FS, it seems). So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain. Just dd it all across the network.

And oh yeah, with SMB as your network file system, is the traffic securely encrypted? Weakest link, and all that...

Password? Encrypted? Officer, those files aren't encrypted, they are just randomly generated files I made...
On a more serious note, it would be a nice safety feature if that when a certain wrong password was typed in, it would show an unencrypted version of something completely legal.

So if the feds bust in and kick you off your warez box, as long as they dont switch it off, they've got your 0-day filez in the plain.

I've always had the power strip for my box on the floor next to my left foot. If I need to do an emergency power-off cuz the FBI wants to talk to me or because I got some Jenna Jameson on the screen and my boss just walked in, I can hit it in a hearbeat.

Not that I would ever put myself in a situation like that, but I'd rather be prepared "just in case".

That already exists. I forget what it's called, but there's a type of encryption where you actually encrypt two files into one, so if someone forces you to hand over the key, you give them a secondary one wich unencrypts the dummy files. Then all they have is, for example, a bunch of fake emails about you cheating on your spouse or something. I mean, if it was just a shopping list, that'd look suspicious, you'd want it to be something that would need to be encrypted, but not of interest to the party forcing you to surrender the info.

The only difference between 2000 and XP's EFS system for data recovery agents (DRAs) is that 2000 used to make administrators DRAs by default but XP requires you to do it manually using this procedure [microsoft.com].

Yeah, you can lose your data, if you reset the user's password. Before you reset a password, a big ugly warning box is shown stating that the user might expierence data loss. (a dialog not present in 2000). It's not like you'll magically lose your files in XP for no reason.

This information means that you can lose your files in Windows XP in a way that you could not lose them in Windows 2000. Microsoft made this change, but provided no on-screen warning.

This isn't a new way to lose files. It's a simple change in the default configuration. An on screen warning? What do you want, an immense file shown on screen during installation listing all the changes in the operating system since the last version? A warning displayed every time you encrypt a file? What if the user really wants to have no DRAs?

If you are concerned about the status of DRAs, go and check the group policy yourself.If you don't know how to set up and query DRAs correctly (it's not hard) then you shouldn't be using EFS at all.

It should say, Stand-alone computers CANNOT have a DRA that allows decryption of files from a different computer with the same user name and password.

Sure you can. Make sure you connect using the "Connect using a different user name" option. You may have to do it by mapping a drive letter. If you have computers where you are maintaining a set of identical users with the same passwords, it's probably time to upgrade to a domain. That's what they are for.

Of course, that's dd from a CD-ROM full of statically linked programs. Investigators shouldn't trust target machines for anything. And if you ever look at a machine that may wind up in court, make sure you don't do anything that writes to the hard disk.

The Secret Service guidelines for seizing computers say to consult a computer specialist if possible before doing anything, but if there's no specialist to be had they say to yank the power cord.